| ▲ | AndroTux 6 hours ago | |
We solved this by introducing a silent block. If the system notices unusual behavior (too many payment attempts per user, for example), it no longer sends the payment attempt to the provider. Instead, it idles for a second or two and then just fails with a generic “payment declined.” Most attackers don’t notice they’re being blocked and just assume all credit cards are bad. | ||
| ▲ | williamdclt 3 minutes ago | parent | next [-] | |
the "notice unusual behavior" is the hard part | ||
| ▲ | quietbritishjim 5 hours ago | parent | prev | next [-] | |
Sounds like any per-user detection wouldn't have worked in this case. | ||
| ▲ | 5 hours ago | parent | prev [-] | |
| [deleted] | ||